Walmart Canada Hacked: 60,000 Credit Cards at Risk

Walmart Canada is investigating a potential breach into their online Photocentre photo processing website, where hackers may have stolen as many as 60,000 credit cards. In response, Walmart Canada shut down the photo website for reasons regarding a “potential compromise of customer credit card data.”

“Our customers’ privacy is of the utmost importance,” the company wrote in a statement Sunday. “We immediately launched an investigation and will be contacting customers who may be impacted.”

Walmart officials have said they do not believe Walmart.com, Walmart.ca or in-store transaction were affected, but rather suggested that all Walmart Canada Online Photocentre customers spend ample time monitoring their credit cards and bank statements for fraudulent charges and are directed to notify their financial institution immediately if unauthorized charges begin to appear.

“We were recently informed of a potential compromise of customer credit card data involving Walmart Canada’s Photocentre website, www.walmartcanadaphotocentre.ca, which is operated by a third-party,” said Alex Roberton, director of corporate affairs and social media at Walmart Canada. “We recommend Walmart Canada’s Online Photocentre customers monitor their card transactions closely and immediately alert their financial institution about any unauthorized charges.”

Robertson also confirmed that the company has shut down their website and mobile application. Walmart Canada also “notified the Office of the Privacy Commissioner of Canada and will continue to work proactively with Canada’s privacy regulators as the investigation continues”

The Privacy Commissioner of Canada has the authority to investigate complaints filed by Canadian citizens, and report on whether there has been a violation of the Privacy Act, which deals with personal information held by the government of Canada, alongside personal information held by the private sector.

As many as 60,000 customer credit cards could be affected in the breach, an anonymous source disclosed to The Globe and Mail.

Walmart Canada’s Photocentre website is managed by a third-party firm, PNI Digital Media, which was acquired by Staples in 2014. PNI Digital Media also collects and manages customer credit card information directly through the site.

“We take the protection of information very seriously. PNI is investigating a potential credit card data security issue,” a Staples spokesperson said while speaking with The Star. “PNI is investigating a potential credit card data security issue. If an issue is discovered, it is important to note that consumers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”

The Walmart Canada hack could be troubling considering PNI website stouts the company’s “19,000 retail locations and 8,000 in-store kiosks.” It has not yet been confirmed if other retailers utilizing the service were affected.

The hack came just days before CVS shutdown their photo service in light of a potential card breach. Costco, CVS, Rite Aid, Sams Club, Tesco and Walgreens are all companies who have taken similar action in shutting down their photo service in light of the potential credit card breach at Walmart Canada.

Just last fall is was revealed that hackers broke into Staples and installed point-of-sale malware on the company’s machines for the longer-part of six months, leading to some 1.16 million credit cards being compromised. In total, some 115 Northeastern-based stored were affected in the breach.

Customers with concerns regarding the Walmart Canada hack have been directed to contact 1-888-763-4077.